Root-me.org GraphQL-introspection challenge.

Vishal
Mar 19, 2023

To solve the challenge, you need a basic knowledge of GraphQL.

What is Introspection in GraphQL?

GraphQL introspection lets a client query all information related to the supported schema and queries on a GraphQL server instance. With it you can query the schema and discover the available queries, mutations, subscriptions, types and fields in a specific GraphQL API.

The server exposes the following introspection queries on the Query operation. Introspection queries start with a double underscore (__):

__schema.

__type.

__typename.

The challenge has a search functionality. To understand it, let's fire up Burp and capture the requests and responses.

As we can see, the search queries the rockets for the country. Now we want to look for all the available tables/schemas using the command below.

As we can see, there are a couple of schemas, “rockets” and “IAmNotHere”.

Let's find out the names of the columns, in short you could say, using

If you take a close look at the args, they are required to extract the data; if they are not provided, we get an error.

If we look at the error now, it clearly mentions that the argument country is required. In the same way, for the schema “IAmNotHere”, very_long_id is required. Let's try to query “IAmNotHere”.

The error says we need an int value for ‘very_long_id’, which was not provided. Let's provide that and see what we get in the response.

Let's use Burp Intruder for this and use numbers for brute-forcing. We got the flag.
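
The required arguments discussed above can be read from the introspection response itself, before any error is triggered: a NON_NULL type wrapper marks an argument as mandatory. The following is an added example, not code from the original write-up. The sample response is constructed to mirror the names mentioned in the post, and the String type for country is an assumption.

```python
import json

# Standard introspection query for the root Query fields and their arguments.
INTROSPECTION_QUERY = """
{ __schema { queryType { fields {
    name
    args { name type { kind name ofType { kind name } } }
} } } }
"""

# Constructed sample response (not captured from the challenge server).
SAMPLE_RESPONSE = json.loads("""
{"data": {"__schema": {"queryType": {"fields": [
  {"name": "rockets", "args": [
    {"name": "country",
     "type": {"kind": "NON_NULL", "name": null,
              "ofType": {"kind": "SCALAR", "name": "String"}}}]},
  {"name": "IAmNotHere", "args": [
    {"name": "very_long_id",
     "type": {"kind": "NON_NULL", "name": null,
              "ofType": {"kind": "SCALAR", "name": "Int"}}}]}
]}}}}
""")


def render_type(t):
    """Turn an introspection type reference into SDL notation, e.g. Int!."""
    if t["kind"] == "NON_NULL":
        return render_type(t["ofType"]) + "!"
    if t["kind"] == "LIST":
        return "[" + render_type(t["ofType"]) + "]"
    return t["name"]


def describe_query_fields(response):
    """Map each root query field to {arg_name: (sdl_type, required)}."""
    fields = response["data"]["__schema"]["queryType"]["fields"]
    # NON_NULL at the top level means the argument must be supplied
    # (assuming the schema declares no default value for it).
    return {
        f["name"]: {a["name"]: (render_type(a["type"]), a["type"]["kind"] == "NON_NULL")
                    for a in f["args"]}
        for f in fields
    }


if __name__ == "__main__":
    for field, args in describe_query_fields(SAMPLE_RESPONSE).items():
        for name, (sdl, required) in args.items():
            print(f"{field}({name}: {sdl}) required={required}")
```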
